CVE-2006-1731
EPSS 2.8%
Description
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 return the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply is called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
How to fix CVE-2006-1731
To remediate CVE-2006-1731, upgrade the affected package to one of the fixed versions listed below.
- Debian/thunderbird—upgrade to 1.5.0.2-1 or later
Is CVE-2006-1731 being exploited?
Low — EPSS is 2.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.5.0.2-1